
How to safely feed your entire codebase to AI models without leaking secrets


Developers working with AI coding assistants often struggle when projects grow too large to paste file by file into a chat window. Common pitfalls include accidentally exposing API keys, exceeding model context limits, and losing structural context across dozens of snippets. A recommended workflow involves consolidating the repository into a single ordered document, automatically masking credentials before submission, and trimming file contents intelligently to fit within each model's token budget. The open-source CLI tool ctxpack automates all three steps and supports models like Claude, GPT-5, and Gemini 2.5 Pro, which have varying context windows. The tool is MIT-licensed and available on GitHub for developers looking to streamline full-project AI sessions.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.


Related stories

Programming · DEV Community

How to Create Telegram Animated Stickers from SVG Without After Effects

Telegram animated stickers and custom emoji use a proprietary format called TGS, which can be created directly from SVG files without professional motion-design software. Designers can export vector SVGs from tools like Figma, Illustrator, or Inkscape and convert them using a free client-side tool called SVG to TGS, available at svgtotgs.com. The tool runs entirely in the browser via WebAssembly, meaning no files are uploaded to external servers. Telegram enforces strict sticker requirements — 512×512 pixels, under 64 KB, up to 3 seconds long, and at 60 FPS — which a good converter will enforce automatically. Once converted, the resulting TGS file can be submitted to Telegram's @Stickers bot to add it to a sticker pack or used in the custom emoji workflow.

Programming · DEV Community

Swipe Cleaner Processes All Photos On-Device, Avoiding Cloud Upload Risks

Most iOS photo-cleaning apps silently upload users' entire camera rolls to remote servers for processing, raising serious privacy concerns that no policy can fully address. Swipe Cleaner, developed by Opennomos, takes a different approach by running all duplicate detection, blur analysis, and photo grouping entirely on the user's iPhone using Apple's Core ML, Vision, and Metal frameworks. The app makes no network requests related to photo processing, weighs just 4.7MB, and uses optimized, quantized ML models suited for mobile hardware. The developer argues that treating privacy as a core architectural constraint — rather than a toggleable feature — eliminates the risk of accidental data exposure through future updates or policy changes. While this approach rules out certain cloud-dependent capabilities, the team contends that users ultimately want organized photos, not cloud processing, making the trade-off largely irrelevant.

Programming · DEV Community

New HTTP QUERY Method Works in Runtimes but Triggers Edge Bot Filters in Production

RFC 10008 formally introduced QUERY as a new HTTP method in June 2025, offering GET-like semantics — safe, idempotent, and cacheable — while allowing query data to be sent in the request body rather than the URL. A developer tested QUERY across multiple production and local environments, including Vercel serverless functions in Python and Node, Supabase Edge, and local FastAPI, finding that all runtimes handled the method correctly. However, Vercel's built-in bot mitigation system began issuing 403 challenge responses specifically for QUERY requests, blocking them at the edge before they ever reached the backend function. The issue was reproduced from a second client, with GET and POST requests completing cleanly while QUERY traffic was flagged as suspicious from the fourth request onward. The findings highlight that while server runtimes and frameworks are increasingly ready for QUERY, edge infrastructure and security layers have yet to recognise it as a legitimate HTTP method.